Are security rules enough for a cloud instance's security?

Tech giants like Google, Amazon and Microsoft are continuously working on their cloud computing platforms and providing various services to make users' jobs easier. Anyone who has launched a web application in their own datacenter knows the pain, because a number of tasks have to be completed first, like:

Set up the VM.

Install server OS.

Set up the inbound and outbound rules.

Create users.

Install the web server/application server and database server.

Configure the web server and database server.

Provide access to users.

Deploy the web application code to the server, etc.

Completing all of the above tasks takes time: it can take 4 to 5 hours, or, if we use a hosting provider, 24 to 48 hours to launch our app, and the cost can be high depending on the requirements or resources. But these tasks can be done in a short time with the orchestration tools of the cloud companies. Let's talk about the AWS orchestration service: AWS CloudFormation. AWS CloudFormation gives us the ability to model and provision infrastructure through simple template files. In the template files, we just need to list the infrastructure resources that we need to launch for our web application. CloudFormation then manages those resources as a single unit called a stack and takes care of everything further. We can also see the progress in the stack's console.

Every cloud provider has a compute service under a different name, such as EC2 on AWS or Compute (or Classic Compute) on OCI, but the functionality is the same. With the help of this service, we can launch VMs/instances in a short time. We need to provide some configuration, like:

Machine image

Network Configuration

Storage

Instance RAM & CPUs

Inbound & Outbound rules etc

SSH key and launch…:D

And in a few minutes, your instance will be up.

Now the question is: "Are security rules (inbound and outbound) enough for a cloud instance's security?"

I think not. If we open port 22 for SSH and hackers get the public IP address of the instance, it will be difficult to survive: they will start trying to access your instance through SSH and try every possibility to break its security. They will launch an SSH attack every second from different IPs. We can survive for a time if we set up SSH keys to access the instance, because it is hard to break the keys.

But if the cloud provider detects unusual traffic on your instance, it will stop your services from its end even if your VM works fine. Obviously, it will take time and money to launch a new instance, and it may affect your users' traffic.

Now another question is: "Do cloud providers offer solutions for instance security?"

Yes, cloud providers provide solutions for that, like GuardDuty by AWS, but those solutions will cost you. If you don't want to spend money on those services and still want to secure your instance, the following steps will let you define some conditions or constraints:

Protect the SSH key with a passphrase.

Integrate MFA (multi-factor authentication) by using Authy or Google Authenticator.
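
One way to check that an instance's SSH daemon really demands a key plus a one-time code on every login, as an added example that is not part of the original post. It assumes the MFA app is integrated through PAM and OpenSSH's keyboard-interactive method; `parse_sshd_config`, `audit` and the sample configs are constructed for illustration.

```python
import re

# Added example. Assumption: the OTP app (Authy / Google Authenticator) is wired
# into sshd through PAM, which OpenSSH reaches via keyboard-interactive auth.
DEFAULTS = {  # OpenSSH defaults for directives missing from the file
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
    "authenticationmethods": "any",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_sshd_config(text):
    """Global directives as {lowercase keyword: value}; first value wins, as in sshd."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional; audit global settings only
        settings.setdefault(key, parts[1] if len(parts) > 1 else "")
    return {**DEFAULTS, **settings}

def audit(text):
    """Return findings; an empty list means every login needs key plus OTP."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is on: port 22 accepts password guessing")
    if cfg["usepam"].lower() != "yes" or cfg["kbdinteractiveauthentication"].lower() != "yes":
        findings.append("PAM keyboard-interactive is off: the OTP prompt cannot run")
    for methods in cfg["authenticationmethods"].split():
        names = {m.split(":")[0] for m in methods.split(",")}
        if not {"publickey", "keyboard-interactive"} <= names:
            findings.append(f"AuthenticationMethods '{methods}': login possible without key plus OTP")
    return findings

# Constructed sample configs (not taken from any real host)
WEAK = "Port 22\nPasswordAuthentication yes\nPubkeyAuthentication yes\n"
HARDENED = """# constructed sample
PasswordAuthentication no
KbdInteractiveAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "OK")
```

The key passphrase from the first step lives on the client, so it cannot be verified from the server's configuration.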